How Chinese hacking felled telecommunication giant Nortel
Long before Canada arrested Meng, executives and entrepreneurs say they knew something was amiss.

Washington: Cyber security adviser Brian Shields sensed something was wrong when he received a message from his manager at North American telecommunications giant Nortel.
An employee in the United Kingdom office had detected that a senior executive in Canada, Brian McFadden, had downloaded the Brit’s work documents from the company server.
It was odd, because the documents were irrelevant to McFadden’s responsibilities. The British employee sent an email to McFadden asking why he wanted the documents.
An email shot back from McFadden: “I don’t know what you’re talking about.”
As Nortel’s senior adviser for systems security, Shields was called in to investigate. “When I first started looking into it I found that the access was not internal,” says Shields.
“The documents were downloaded using the Ottawa-based executive’s credentials through remote access to a site over in China.”
Shields quickly realised that Nortel, at the time one of the world’s biggest commercial telecommunications equipment manufacturers, had been the victim of hacking. He traced most of the activity back to Shanghai. It was early 2004.
Upon further investigation, Shields discovered that seven staff accounts had been compromised via remote access.
One of the breached accounts belonged to the company’s then chief executive Frank Dunn.
“We knew they broke the CEO’s account and password, which means they could have got on his computer and his email as him,” Shields says.
At Nortel, Shields first became aware of the prevalence of hacking of businesses and governments in the early 1990s when he joined a combined industry and government group called the Network Security Information Exchange.
The members included cyber security experts from providers such as AT&T, Verizon and Sprint, as well as manufacturers including Nortel, defence companies and a bank.
Over the years, participants exchanged confidential insights about cyber security breaches and received classified government briefings about cyber attacks. Shields signed non-disclosure agreements, so is limited in what he can divulge.
The classified briefings did include information about a group of hackers known as Titan Rain, who targeted US government assets and defence contractors.
In US cyber circles, China has long been suspected of being behind the attacks.
“The only thing I can say is that it was nothing short of amazing,” Shields says.
“Those things were never discussed in public.”
Companies are very reluctant to admit publicly to being the victims of cyber attacks.
If customers know their personal information has been illegally accessed, they may quickly lose confidence in dealing with the company.
According to Shields, Nortel had been penetrated by Chinese hackers since at least 2000 and probably much earlier.
After the initial busting of the hackers, Shields and his security colleagues reset the passwords of the compromised accounts. The hackers lay low for about six months.
Thereafter Shields detected new hacking originating from China.
The hackers had changed their attack model from remote access to using employees’ computers to open remote encrypted connections out to systems in China. They did this using a program that gave them complete desktop control of the employee’s PC.
The documents accessed contained confidential information about Nortel’s business plans and intellectual property. Among the names of the more than 1400 documents accessed between January and June 2004 were: the chief technology officer’s proposal for 2003, road map values and challenges to Nortel, large scale integration, causation effects and optical fibre systems, and switching highly integrated optical circuits.
“While we don’t know the full extent of everything they’d broken, we know enough that it was really serious,” Shields says.
A decade on, he remains frustrated that Nortel didn’t invest in the necessary systems upgrades to ward off the attacks.
“We reset several passwords and did virtually nothing.”
The Canadian-headquartered Nortel once controlled about 40 per cent of the commercial telecom voice and data infrastructure market in the United States.
In January 2009, the 114-year-old Nortel filed for bankruptcy. Shields was laid off in March that year.
The company and its huge operations in the US were sold off in parts to other industry players.
Nortel’s downfall coincided with the meteoric rise of Chinese rival Huawei, which today is a major global networking and telecommunications equipment and services company.
Huawei was founded in 1988. It grew rapidly from a simple reseller of telecommunications equipment in China, to developing and building its own equipment to sell on the global market.
Shields believes the rise and fall of the two companies is no coincidence.
“That’s when our downfall really started,” he says.
“We didn’t make our numbers, had more layoffs, while Huawei was growing in leaps and bounds.”
Huawei’s revenues hit a record 239 billion yuan ($41 billion) in 2013.
In 2003, Cisco Systems sued Huawei for allegedly infringing on its patents and illegally copying code.
The case was dropped after the two companies reached a private settlement in 2004.
A report by cyber security firm Mandiant in February last year found that 141 American companies were hacked by a Shanghai-based unit of the Chinese army.
The latest details about alleged Chinese hacking, publicly revealed last week by US authorities, came as little surprise to Shields.
“Once they break your computer, they want the keys to the kingdom,” Shields says.